Thursday Aug 26, 2004

The Pump Don't Work 'Cause the Vandals Took the Handles

Whether you are trying to figure out why the pump "don't work" or you are trying to protect the pump from the iVandals out in the real world, Solaris 10 can help you deal with these and many other situations. DTrace is known as the technology which provides concise answers to arbitrary questions. It has been used within Sun and by our customers to improve the performance of the operating system and applications alike and to help find the root cause of bugs which previously were difficult, if not nearly impossible, to find using traditional debugging techniques. It allows such analysis, safely, on production systems without requiring recompilation of the operating system or the application and without having to recreate the production environment where a problem has been observed.

Zones can help isolate application environments from one another such that even if one becomes a privileged user in one of the application environments, the damage one can cause on purpose or inadvertently is isolated to that one zone or container. The degree of isolation is such that each zone can be rebooted independently without affecting any other zones on the system or the machine as a whole (and the zones boot very quickly - for example, on a Sun Fire V60x a zone can boot in as little as eight seconds, from a halted state to login prompt.)

Finally, the Predictive Self-Healing technology can help customers maximize the availability of their computing resources and handle faults that may occur, whether in software or in hardware. In the past, problems typically resulted in a number of messages appearing in the system log, which left both customers and often service personnel scratching their heads, trying to make sense of these symptoms. Predictive Self-Healing instead observes generated error events or telemetry, and once sufficient telemetry has been obtained, diagnosis engines can generate a single fault event to agents which can respond to the diagnosed fault.

Not too long ago, a number of engineers who designed these new frameworks participated in three Sun Expert Exchanges where over a live chat system we were able to answer technical questions about these features and get valuable feedback from customers. The transcript of the DTrace exchange in which Adam and Bryan and others participated can be found here. About a month later, Andy and Dan and I participated in an exchange on Zones which not only was a great deal of fun but provided us with a lot of interesting input and we hope was helpful to both current zones users and interested parties alike. The transcript for that exchange is available here. And about a week ago, some of the architects of the Predictive Self Healing functionality participated in their own exchange and its transcript is available here.

Transcripts from other Expert Exchanges are available as well here under Archives and registration is open for a number of other planned sessions including one on ZFS (The Zettabyte Filesystem) and the many fundamental security enhancements that have been made to Solaris 10.


Friday Aug 06, 2004

What's New Pussycat?

Support for Zones was initially released in the Software Express for Solaris 2/04 release. Since then, we have been working on adding a number of enhancements as well as fixing a number of bugs that have been reported. Of course, the definitive source for what has changed in each of the Solaris releases can be found in that release's Solaris What's New document. However, I thought it might be useful to summarize the Zones enhancements that have been released since February and what is coming in the upcoming Software Express for Solaris release.

In the Software Express for Solaris 7/04 release, support for Zones being NFSv4 clients was added. In that particular build, the default NFS version was still three (3) but this can be changed by editing the file /etc/default/nfs and uncommenting and changing the NFS_CLIENT_VERSMAX parameter to 4. For more information, please see the nfs(4) manual page. Note that in the upcoming Software Express for Solaris release, the default NFS version will be four (4) although the system will negotiate a lower version as necessary.

On a similar note, the statistics reported by nfsstat(1M) have been virtualized on a per-zone basis.

With the power of the Tecla command-line editing library, the zonecfg(1M) command now supports command line editing, command history and tab completion within interactive mode. This new functionality can make it far easier to enter or edit a zone's configuration. In addition, each user can customize their own particular set of key bindings through the file .teclarc in their home directory.

One of the other new features in this release is the ability to specify a richer set of file systems through zonecfg(1M). Previously, the administrator could specify a restricted set of file systems such as lofs(7FS) or tmpfs(7FS). This restriction to a large degree is lifted in this release, allowing the administrator to specify file systems like ufs(7FS).

For example, consider this update to the configuration of the zone myzone:
        global# zonecfg -z myzone
        zonecfg:myzone> add fs
        zonecfg:myzone:fs> set dir=/source
        zonecfg:myzone:fs> set special=/dev/md/dsk/d4
        zonecfg:myzone:fs> set raw=/dev/md/rdsk/d4
        zonecfg:myzone:fs> set type=ufs
        zonecfg:myzone:fs> end
        zonecfg:myzone> commit
        zonecfg:myzone> exit

What we have added to the configuration is a UFS file system that will automatically be mounted as /source when the zone is booted. The partition used is a Solaris Volume Manager metadevice that was created and initialized from within the global zone.

Finally, the Software Express for Solaris 7/04 release includes two enhancements to the ps(1) command to add zone information to any current command output and to filter information based on one or more zones. The new -Z option adds a ZONE column to any report generated by ps(1), while the -z zidlist option prints only those processes belonging to the zones specified in the comma-separated zidlist (zones can be listed either by name or by their ID number).

In the upcoming Software Express for Solaris release, there are three additional enhancements being introduced for Zones. As a teaser, I will briefly describe them now and cover them later in more depth when the release is made available.

When resource pools have been enabled, the first enhancement more accurately reports the processor resources available to a zone and their statistics as reported by commands such as iostat(1M), mpstat(1M), vmstat(1M), psrinfo(1M) and sar(1). In a similar manner, library routines such as getloadavg(3C) and sysconf(3C) (the latter when invoked for _SC_NPROCESSORS_CONF or _SC_NPROCESSORS_ONLN) only return information for the processors in the set a particular zone is bound to.

In addition, a new resource control has been introduced, zone.max-lwps, which allows a global zone administrator to limit the number of lightweight processes or LWPs that can be created inside a zone. From within the zone itself, another new resource control, project.max-lwps, can be used to further divide the total number of LWPs amongst the projects defined in the zone.
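A cap such as zone.max-lwps is easier to size and watch when LWP usage is tallied per zone. The script below is an added example, not part of the original post: it sums the NLWP column per zone and compares it with a cap. It assumes a ps(1) whose -o option accepts the zone and nlwp keywords; the process listing, the cap values and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: tally LWPs per zone and compare with a zone.max-lwps cap.
# In the global zone the listing would come from: ps -e -o zone,nlwp
# (assumption: this ps accepts the zone and nlwp format keywords).

# Constructed sample listing: one line per process.
sample_ps() {
cat <<'EOF'
    ZONE NLWP
  global   12
  global    1
  myzone  180
  myzone   40
 webzone    3
EOF
}

# Constructed caps: zone name and its zone.max-lwps limit.
sample_caps() {
cat <<'EOF'
myzone 250
webzone 500
EOF
}

# lwp_report PS_FILE CAPS_FILE PERCENT
# Prints "zone used/cap state"; state is near-limit once usage reaches
# PERCENT of the cap. Zones with no cap listed are reported as uncapped.
lwp_report() {
  awk -v pct="$3" '
    NR == FNR      { cap[$1] = $2; next }   # first file: caps
    $1 == "ZONE"   { next }                 # skip the ps header
                   { used[$1] += $2 }       # sum LWPs per zone
    END {
      for (z in used) {
        if (!(z in cap)) { printf "%s %d uncapped\n", z, used[z]; continue }
        state = (used[z] * 100 >= cap[z] * pct) ? "near-limit" : "ok"
        printf "%s %d/%d %s\n", z, used[z], cap[z], state
      }
    }' "$2" "$1" | sort
}

# demo [PERCENT]: run the report over the constructed samples.
demo() {
  d=$(mktemp -d) || return 1
  sample_ps > "$d/ps"; sample_caps > "$d/caps"
  lwp_report "$d/ps" "$d/caps" "${1:-80}"
  rm -rf "$d"
}
demo
```

A zone reported as near-limit will soon have new LWP creation refused by the cap, which is the intended containment for a runaway or hostile workload but also a signal to review the limit.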

Finally, Solaris Auditing can now be configured for zones in a number of different ways. The global zone administrator can specify whether the system should be audited as a whole or whether each zone can be audited separately. In the latter case, each zone has its own audit configuration and that zone's administrator can configure and process their audit trails independently from the other zones on the system.

We welcome hearing about your experiences or problems with using Zones and of any feature enhancements you would like to see.
